to-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime path explicitly fetches “issue number, URL, or path” from the issue tracker and then reads the full body and comments, which are outsider-authored free text when the referenced issue/comment author is not the operating user.